Endpoint Protection Small Business Edition

  • 1.  RHEL SEP Client Auto-Protect: Malfunctioning

    Posted Mar 11, 2015 01:46 PM

    We recently installed 12.1.5 on some RHEL clients and we are getting the following error.

    RHEL_Error.JPG

    The Clients seem to be talking with the SEPM running on a Windows 2008R2 server.

     

    RHEL_error2.jpg

    Does anybody have any ideas what's causing this error? I have a support ticket open but that'll take weeks to get any help.

     



  • 2.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted Mar 11, 2015 03:58 PM

    Have you tried to do a reinstall?



  • 3.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted Mar 11, 2015 09:55 PM

    Is the SEP Linux client updated with the latest definitions?

    The SEPM cannot update virus definitions; you need LUA or an Internet LiveUpdate server.

    Configuring Symantec Antivirus for Linux (SAVFL) to download definitions from the Distribution Center of an internal LiveUpdate Administrator (LUA) 2.x Server

    http://www.symantec.com/docs/TECH93505

    Enabling Mac and Linux clients to download LiveUpdate content using the Apache Web server as a reverse proxy

    http://www.symantec.com/docs/HOWTO85034



  • 4.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted Mar 11, 2015 10:17 PM

    SEPM can in fact provide updates to Linux clients, assuming you configure it to do so.

    http://www.symantec.com/docs/HOWTO85034



  • 5.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted May 29, 2015 02:43 PM

    I'm running into this same issue. We've got a small number of Linux developers here and I'm trying to validate that SEP works on SUSE 11.3. After a day of pulling it off the LAN, the status on my client now tells me Auto-Protect is malfunctioning once back on the LAN. The status on the admin console shows that everything is functioning properly. I've rebooted a couple of times. The daemons all start. The nightly scans run. I don't see anything in the logs that indicates a problem. I'm not sure what to do next.



  • 6.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted May 29, 2015 02:48 PM

    We never found a fix. They told us the problem was our kernel wasn't supported. I guess we'll have to wait another year for Symantec to catch up with Redhat. Symantec's update schedule for SEP is pretty bad. In today's world of needing to adapt to current updates, they are terrible.



  • 7.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Broadcom Employee
    Posted Jun 01, 2015 05:11 AM

    Hi All,

    FYI:

    Auto-Protect shows malfunctioning until the virus definitions are loaded.



  • 8.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted Jun 01, 2015 08:09 AM

    You're implying that the virus definitions are not loaded. When I initially installed SEP, it took about 10 minutes before my client was updated with virus definitions. Once that happened, the SEP shield in the task bar went from red to green and Auto-Protect was running normally.

    I had to take my laptop off the LAN to do some work. It was only after I put it back on the LAN that I noticed the SEP shield in the task bar was red and the Auto-Protect status was "malfunctioning". I logged off and back on and I rebooted. It didn't help. I am connected to the LAN just fine. I left for the weekend hoping after some time that this might resolve on its own. It has not. In fact, the virus definitions were updated automatically over the weekend. The version is 05/31/2015 rev. 4. So this is an issue with Auto-Protect and not virus definitions.



  • 9.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Broadcom Employee
    Posted Jun 23, 2015 04:18 PM

    It is recommended that 12.1 RU6 be installed if 12.1 RU5 is still giving issues. It increased kernel support to 3.10.0-229 to coincide with RHEL 7 Update 1.

     

    Supported Linux kernels for Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH223240

    Excerpt: The following Linux operating systems (and kernel versions) have been tested and should successfully install and enable the precompiled kernel modules for AutoProtect:

    • Red Hat Enterprise Linux 7.0 GA (3.10.0-123)
    • Red Hat Enterprise Linux 7 Update 1 (3.10.0-229)
    • Red Hat Enterprise Linux 6 Update 6 (2.6.32-504)
    • Red Hat Enterprise Linux 5 Update 11 (2.6.18-398)
    • CentOS 6 Update 6 (2.6.32-504)
    • SuSE Linux Enterprise Server 11 (2.6.27)
    • Oracle Enterprise Linux UEK 6.5 (3.8.13-55)

    The following Linux operating systems (and kernel versions) have been tested and should successfully install and enable the auto-compiled kernel modules for AutoProtect:

    • CentOS 7.0 (3.10.0-123)
    • CentOS 7 Update 1 (3.10.0-229)
    • Ubuntu 13.04 (3.9.8)
    • Ubuntu 14.04 LTS Desktop (3.13)

    Note: This list should not be considered complete and exclusive. Linux operating systems and kernels that do not appear on this list may successfully install and enable the Auto-Protect kernel module.

     

    It is also important to ensure that there is sufficient disk space available to process newly released definitions. At present we highly recommend 5 - 10 GB free in /tmp and /opt/Symantec.

    At a minimum you need to have 7 GB free disk space overall:

    https://support.symantec.com/en_US/article.TECH230602.html#SEPClientLinuxSysReq

     

    Confirming that the SEP for Linux drivers are installed can also help confirm whether the SEP client will report correctly, if at all, to the SEPM (let alone properly function).

    The lsmod command can confirm this. Just look for symap_* and symev_* in the list. If they are missing, it is recommended that the client be uninstalled and reinstalled.

     

    In-depth review of the sepfl-install.log will show if any errors were reported during install, as will /var/log/messages and /var/symantec/Logs/debug.log. If posted we can certainly take a look and provide feedback.
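
The module and disk-space checks described in the post above, gathered into one script. This is an added example, not part of the original thread and not Symantec tooling; the function names and the sample `lsmod` text are constructed, while the `symap_`/`symev_` prefixes, the two directories and the 5 GB floor are taken from the post.

```shell
#!/bin/sh
# Added example: checks from this thread as one script. The symap_/symev_
# prefixes, the two directories and the 5 GB floor come from the post above;
# function names and SAMPLE_LSMOD are constructed for illustration.

# Constructed lsmod output (module names are made up, not from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
symap_constructed_a   123456  0
symev_constructed_b    98765  1 symap_constructed_a
ext4                  500000  2'

# Print loaded module names (column 1) that start with prefix $1.
# $2 is lsmod-style text.
modules_with_prefix() {
    printf '%s\n' "$2" | awk -v p="$1" 'index($1, p) == 1 { print $1 }'
}

# Succeed only if both a symap_* and a symev_* module are present in $1.
autoprotect_modules_loaded() {
    [ -n "$(modules_with_prefix symap_ "$1")" ] &&
        [ -n "$(modules_with_prefix symev_ "$1")" ]
}

# Succeed if the file system holding path $1 has at least $2 GB available.
has_free_gb() {
    gb=$(df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print int($4 / 1048576) }')
    [ -n "$gb" ] && [ "$gb" -ge "$2" ]
}

# Print a verdict for lsmod text $1 and for the two directories named above.
report() {
    if autoprotect_modules_loaded "$1"; then
        echo "OK: symap_* and symev_* modules are loaded"
    else
        echo "FAIL: Auto-Protect modules not loaded for kernel $(uname -r)"
    fi
    for dir in /tmp /opt/Symantec; do
        if has_free_gb "$dir" 5; then
            echo "OK: $dir has at least 5 GB free"
        else
            echo "WARN: $dir has less than 5 GB free or does not exist"
        fi
    done
}

# Default: run against the constructed sample; pass --live to query this host.
if [ "${1:-}" = "--live" ]; then report "$(lsmod)"; else report "$SAMPLE_LSMOD"; fi
```

Running it with `--live` after each kernel update shows whether the modules loaded for the new kernel; a FAIL there corresponds to the "malfunctioning" status discussed in this thread.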



  • 10.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Posted Jun 26, 2015 11:05 AM

    After opening a case and working with Symantec support, we finally determined that my problem was the result of updating my SUSE 11 SP3 computer with all of the security updates and mandatory patches from the Novell official subscription repositories. Some of those updates included kernel updates. A kernel update requires that Symantec Auto-Protect be rebuilt.

    1.    cd  into the ./src folder of the extracted SEP for Linux installer package.
    2.    Command: tar -xf ap-kernelmodule.tar.bz2
    3.    Command: cd ap-kernelmodule-12.1.5337-5000
    4.    Command: ./build.sh

    If you get a build error saying something about the kernel release not specified or kernel modules for the current version not found, you have to first install the new kernel source headers associated with your kernel.

    zypper install kernel-source

    or use YaST



  • 11.  RE: RHEL SEP Client Auto-Protect: Malfunctioning

    Broadcom Employee
    Posted Jun 26, 2015 11:58 AM

    It's been confirmed that if a kernel update/upgrade was applied while SEP was installed it can break AutoProtect functionality. As a result, it is highly recommended that when the kernel is upgraded that you then recompile the AutoProtect modules for said kernel. For more details, please review the following documentation:

    Manually compile Auto-Protect kernel modules for Endpoint Protection for Linux
    http://www.symantec.com/docs/TECH132773